lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 7 Sep 2016 12:50:13 +0200
From:   Juerg Haefliger <juerg.haefliger@....com>
To:     gregkh@...uxfoundation.org
Cc:     stable@...r.kernel.org, linux-kernel@...r.kernel.org,
        grant.likely@...retlab.ca
Subject: Re: [PATCH 4.4 0/4] CVE fixes for 4.4

Hi Greg,

Did you have a chance to look at the below 4 patches?

Did I do something wrong when submitting them or are there other reasons not to include them in the
4.4 kernel?

Btw, they still apply on top of 4.4.20.

Thanks
...Juerg


On 08/29/2016 03:38 PM, Juerg Haefliger wrote:
> This patch series fixes the following CVEs in the 4.4 kernel:
>   - CVE-2016-0758
>   - CVE-2016-5243
>   - CVE-2016-5244
>   - CVE-2016-6130
> 
> David Howells (1):
>   KEYS: Fix ASN.1 indefinite length object parsing
> 
> Kangjie Lu (2):
>   tipc: fix an infoleak in tipc_nl_compat_link_dump
>   rds: fix an infoleak in rds_inc_info_copy
> 
> Martin Schwidefsky (1):
>   s390/sclp_ctl: fix potential information leak with /dev/sclp
> 
>  drivers/s390/char/sclp_ctl.c | 12 +++++++-----
>  lib/asn1_decoder.c           | 16 +++++++++-------
>  net/rds/recv.c               |  2 ++
>  net/tipc/netlink_compat.c    |  3 ++-
>  4 files changed, 20 insertions(+), 13 deletions(-)
> 


-- 
Juerg Haefliger
Hewlett Packard Enterprise



Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ